Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).

How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.

Why is a voting system doing any kind of math at all? I voted yesterday in Belgium on a computer that puts my vote onto a card, which is then tallied separately. This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).

How can a computer "add phantom ballots"? Software does not just "glitch", it breaks in ways that depend entirely on how it was built.

How do you know this system is fraud free? Reading your comment doesn't convince me one bit. I voted too, in the Netherlands, and for the first time in years I had to use a pencil again. No guarantee that there are no counting errors, but they won't be systematic on a large scale.

How do you know this system is fraud free? Reading your comment doesn't convince me one bit. I voted too, in the Netherlands, and for the first time in years I had to use a pencil again. No guarantee that there are no counting errors, but they won't be systematic on a large scale.

Right. Ask a computer to count 1 million records and stop exactly on the millionth, and then ask a person to count 1 million cards and stop on the millionth. If you had to bet your life on it, who would you think would be more precise? Obviously computers have value.

On the other hand, I'm a firm believer in the idea that the source code should be available for review to make sure there are no weird bugs that could multiply votes, and there should be a paper trail so that the computer can be checked for voter fraud. Computers are more efficient, but not only are they more efficient at doing the right thing, and they're more efficient at doing the wrong thing. If the code tells them to count votes incorrectly (whether it's fraud or an inadvertent bug) they will very efficiently count the votes incorrectly.

i++; is essentially the same as the statement i=i+1;. If you have multiple threads running at the same time you can potentially lose data should more than one thread try to assign i the value of i+1 at the same time.

Yes, it's a threading issue. If you have multiple threads trying to update the value, some of them won't count. You'd either need to use a lock (and probably mark the variables as volatile) or use some kind of atomic update (like a read-modify-write operation).

Still, you'd have to be an idiot to even try to count votes as they're coming in. A much better approach would be to use a database. Database servers are already really good at handling concurrency and scaling. When a vote is cast, simply add a record to the database. Once the election's over, do something like "SELECT COUNT(*), candidate_id FROM votes GROUP BY candidate_id", and the results will be calculated based on the records in the database.

Really, you could only screw this up if you insisted on developing the entire system from scratch, rather than going with existing, well-tested code.

Sure, go ahead and add a field to the table and you've got a record of who voted for who, which is awesome!

The problem for slashdotters is that there is more to a voting system than JUST counting the votes properly.

You have to count the votes properly, provide proper auditing to validate that everyones vote got counted for who they voted for, all the while making sure that you don't actually know who specifically voted for who, even though you may need to prove that their vote was counted for a specific candidate later.

If all they had to do was count votes, they would have gotten it right cause even the $0.50/hour programmers from India can get that part right.

It does blow my mind however that we still get errors in electronic voting due to bugs, these companies are utterly failing and should be banned from making software such as these as soon as a bug like this is detected. It is not acceptable to have not tested your software properly before hand to detect this crap.

Exactly... why would it fail on a single-threaded program?
The problem is much more that just simple race-conditions on instruction level. What do you do if the program crashes? You have no way of recovering if all you do is increment an array.
It really should keep a cryptographically signed logs of each vote, on hardware designed to be read only using specialized key+hardware. The GUI app and the vote management app should be separate programs, with different user/privileges. This would avoid the more c

I doubt this is how the machines work, but to answer your question, assume thread A and B are voting machines trying to update a single vote count.

The three steps in doing that are:

1) Read the current value2) Increment the current value3) Store the result back in the memory location

If thread A and B read the current value at the same time, they will both increment that same value and both try to restore the new incremented-by-one value. So if current votes is 55, thread A and B will both simultaneously rea

I doubt this is how the machines work, but to answer your question, assume thread A and B are voting machines trying to update a single vote count.

The three steps in doing that are:

1) Read the current value
2) Increment the current value
3) Store the result back in the memory location

If thread A and B read the current value at the same time, they will both increment that same value and both try to restore the new incremented-by-one value. So if current votes is 55, thread A and B will both simultaneously read that value, increment 55 to 56 and store that result.

God, I hope not- that's a horrible algorithm.

Client threads should never query the server for the current tally. They simply need to post a single event that carries the argument(s) identifying the vote for the candidate/issue, and a unique ID (ie- an MD5 generated from the current user's voting ID) to prevent multiple votes. The only communication that the client should receive from the server is a confirmation that the vote has been received.

The real question is why is there a need for parallel processing? This is a voting machine, even a simple single core processor without any threads should be sufficient. As a matter of fact, I would try to make the software as simple as possible. When it is short and simple, there is less chance of hidden bugs or for a malicious programmer to hide something in the code. Also, any obfuscated code should not be allowed.

I am not a programmer, nor an election official, but that process is as dumb as a blade of grass.

Why upload during the day? We are only interested in the whole day's total.

Why reset the local count? Like the server is infallible?

Why transmit ANYTHING? Like I trust even a modem call to a dedicated line. There is not much easier than diverting a landline. All you need are cutters and spare wire. My modem is just like your modem. MY server will be like your server. I can tap in and listen to a few connec

eh...your first case statement is missing a break. As it currently stands, a vote for GEORGE_BUSH also adds a vote for AL_GORE.
I dunno maybe you left it out on purpose to make a point? I guess the bigger question is: why do I care? The answer of course is because I have no friends.

That, my friend, we will never find out. We would if these highly complex applications were OSS, but then again the complexity of these are so immense that 9/10 experienced programmers had their heads spontaneously explode upon viewing the first line of code. That or someone is bullshitting you.

As someone that's never bothered to do much more than a while loop, I am pretty sure I could belt out an "count the number of times I press 'a' and the number of times I press 'b'" in less than 10 minutes.

What's going on here is that the vast majority of computer software is crap. And if the programmers think that nobody is ever going to see the source and that it will be impossible to verify the results then the software they write is even crappier. And even if it were traced back to the incompetent programmers there'd be no liability for them... worst cases they get fired and go to work at some other company that doesn't know better than to hire them.

It is not just a counter. It might start off that way. Then someone wants to centralize the counting for all the machines.Someone wants centralized report generation. Someone wants the data encrypted or stored in a certain format.Then you throw in networking, threading, database... issues and it can very easily turn a simple 'counting' problem into something much more difficult.

The problem is probably that the developers of that voting software was probably exactly like the OP, thinking: I'm pretty sure I could write a program with a couple of buttons and a counter for each.

Really, the very first step you'd need to make, is separating the system into a GUI client, operator client and vote server. The vote server would be easier to verify due to very few libraries and unrelated code being used. The GUI client would not be able to mangle _all_ vote results in an instance due to

It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?

How does a local election provider define the ballot? How do you ensure that the ballot programming is accessible to politicos and not computer programmers? How do you QA the ballot program? How do you verify that nobody has tampered with the ballot program after it has been QAed?

For QA, how do you do it without using official ballots that don't end up in the valid votes pile? Do you use a different form? Then the official ballot might be different from the test ballot and result in badly counted votes

Depends, have a list of candidates, choose the candidate, submit it. For a yes or no issue have two buttons, one yes the other no.

How do you ensure that the ballot programming is accessible to politicos and not computer programmers?

Either have a GUI or hire a programmer, I'm sure that the cost of one programmer and one or two other people is a lot less than hiring a team to hand-count votes.

How do you QA the ballot program? How do you verify that nobody has tampered with the ballot program after it has been QAed?

Sign it. Have the program check the signature, good signature it lets it go, bad signature it rejects it and throws up an error message.

For QA, how do you do it without using official ballots that don't end up in the valid votes pile?

Reimage the machine after use.

What happens if the scanner (for optical scanners) gets miscalibrated, or the ballot printer was miscalibrated when it printed them, so that alignments aren't off? What if the initial votes and ballots are correct but later ones are not because of changes in calibration or alignment? Think about multiple ballot runs off a printer in a high-volume election.

Simple, don't use scanners. Simply have it be all digital with a paper printout that may be used if the electronic voting failed due to errors, etc. The paper printouts could be hand-counted if there was a major failure.

What about different election types? "Most-of", "at-large", "one-of", "instant-runoff", etc.? What about the interactions between these election types and other election types on a single ballot? What about multiple ballots in small regional areas? Who programs them and verifies the programs?

Programmers and the town. Have an open meeting where anyone can discuss them, fix them, etc. You only need to hire one competent programmer to program a ballot. Multiple ballots are simply more XML files, trivial to make.

It still amazes me how "hard" it is to write a simple program. First have something to scan the ID, check that its unique then move to the voting. Have a few radio buttons that you click, then hit submit, each radio button corresponds to a candidate or a choice, they are added up and give you the results. How the crap do you screw that up?

Well, in the case of New York State, our fearless leaders in Albany changed the requirements no less than 15 times after signing a contract with the vendor for new voting machines. Then after they finally agreed on a set of requirements they decided that they needed voting machines for 62 counties right now so they'd have them in time for the election. Then after the machines arrived they changed the requirements again and needed the new software for them right now.

Doing business with the Government is not an easy undertaking. The only good thing that came out of it is our fearless leaders weren't stupid enough to go with a DRE (direct electronic recording) system. We still have paper ballots that can be counted by any human being if the computer system fails. All the computer does is tabulate them and provide an interface for those voters (the blind/handicapped) whom can't fill out paper ballots themselves.

We still have paper ballots that can be counted by any human being if the computer system fails. All the computer does is tabulate them and provide an interface for those voters (the blind/handicapped) whom can't fill out paper ballots themselves.

This is how all electronic voting systems should work. No automated result should be legally admissible for anything unless a human can double-check that result. It's like those robot radar guns that snap a photo of your license plate and then mail you a ticket. There's no defense against it or way to double check it -- there's no human to put on the stand and testify against you. (I'm sure there are legal ways around this that let places use this technology but I disagree with them.) It's the same wit

Hey, you are preaching to the choir here. I became a NYS Elections Inspector primarily so I could see how the machines and procedures work behind the scenes. I'm convinced that we have a good system.

The new machines we use have two main components. The ballot scanner and ballot marking device (BMD). The BMD is only used by handicapped voters. It consists of different interfaces (a control pad, a sip/puff device, foot pedals, LCD screen and headphones) designed for people with various disabilities. It

At least here in LA County it is extremely complicated.Given that the law requires us to have a maximum of 1,000 residents per precinct and that ballots must not show the same candidates in the same order on any subsequent precincts, there are a ton of complications. Keep in mind, we have well over 8M potential voters in LA County and 5,000 precincts. (Let's not even get into the fact that we print ballots in eight languages by Federal law.)

If, at nearly identical points in time two people vote for the same canidate then what happens in the computer is that the system goes and gets the value of totalVotes[canidate] and stores it in a register or cache or whatever, then it adds 1 to that, and then puts it back into the memory location for totalVotes[canidate]. If there is only one person doing that at any given time, no harm no foul, everything is fine.

...but I can't understand how a glorified logger can be this far off. With hand-shaking and all the rest of it, it just staggers me that something this simple is so hard. If our systems or audit logging were off by more than 5k, our nuts would be in a sling, and our projects sure as heck aren't as big as these puppies.

"You may be able to argue that a five thousand vote error is a small price to pay for a national election but these errors are certainly inadmissible on a much smaller scale.

A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.

There is absolutely no reason or excuse for software to miscount votes. It isn't rocket science.

I know I'm preaching to the choir here, but this shit just pisses me off. It's a matter of national and local integrity that our voting systems are transparent. Please support blackboxvoting.org [blackboxvoting.org] if you don't have the time to get involved in a deeper fashion (calling/writing your legislators, etc).

Note: I'm not affiliated with blackboxvoting.org. I just appreciate their work.

Agreed that 5000 votes is completely unacceptable even on the largest scale elections. That's an order of magnitude higher than the margin between candidates in Florida in the US 2000 presidential election!

A software error resulting in +/- 5000 votes cast is unacceptable on any level, even if it gets drowned out on the national level in the US.

You know, some people are always complaining. First you complain that there's not enough people turning out to vote each election, that people are apathetic, etc. Finally someone develops some software that fixes that problem and now everyone complains about that!!

TFA only tells me the numbers and the guy's plans, nothing about the actual bug. What was it? It seems awfully hard to screw up adding two numbers together to get a third number, which is basically what that software was doing. Has it occurred to anyone that it might have been tampering? It seems to me that, with the fairly large (tens of thousands) number of votes, adding or removing just enough to make it a runoff would be the perfect vote tampering scheme - too little to draw much attention, but enough to actually make a difference.

The initial Tuesday night report said incumbent Ron Kroeger received 49.96 percent of the vote, short of the 50 percent plus 1 vote re-election requirement. The recount found he actually received 51.8 percent, more than enough to secure his seventh term over challengers John Roberts and Steve Rolinger.

Doesn't anyone think that 49.96%, short of 50% is too perfect for a random error? Most software errors will cause the numbers to explode, either to 0 or some gigantic number.

In related news its apparently very easy to convince the media that programming voting machines is hard. I seriously doubt this was an accident. Independent testing should have flushed this bug out very early.

I find it interesting that companies that make ATMs for systems that track things down to the penny are unable to track much smaller numbers with errors of plus or minus THOUSANDS.

Maybe we should just start voting at ATMs?

Oh wait, that's what the lobbyists do already.

No, that's merely where the lobbyists get their ballots... twenty of them on each sheet. It's sort of like absentee voting. They actually need to send them to various drop off points like the PR firm and the offices of a few dozen Congressmen to actually vote.

But you're right about one thing. One way or another, their votes are always counted correctly.

I find it interesting that companies that make ATMs for systems that track things down to the penny are unable to track much smaller numbers with errors of plus or minus THOUSANDS.

I had ATMs screw up four times in about 8 years. One of the four times, a Diebold machine refused to give me the money, gave me no receipt, just had a "failure" message on screen, but the withdrawal was somehow recorded. It was on a national holiday over here, so nobody could be reached for help, the maintainers of the ATM network refused to acknowledge the error, and instructed me to file a complaint to the bank the day after.

The bank refused to reimburse the money, that's why I won't do business with Ban

Nah, I've HAD the ATM screw up before, and record a deposit twice. The bank happily deducted it from my account later. I've also had an ATM record a withdrawal three times for the one transaction. Took me a couple weeks of back and forth for them to get it all straightened out. So, the ATMs *do* screw up, but the banks don't care because in the end they don't lose any money. The only one that suffers is the customer (by being out my $$ for two weeks).

This case quite clearly highlights all the advantages of an paper trail.

Dispite a the software part of the IT system, we're capable of finding the true result of the election because we've still got the paper votes.

Result: the voting system works.

Compare and contract this to an system which didn't have paper ballots. It would be almost impossible to even see if there was a problem, let alone be able recover from it. You could possibly see that the numbers were wrong if they'd taken an register of who'd vo

No one yet has provided me a compelling argument for why we need to use electronic voting.

It seems to be simply a combination of techno-fetish with an illogical push toward "the new thing" which someone has sold as "better".

Yes, it is hard to conduct an election. Making machines do the counting would reduce the human effort, but the cost way is too high. While I was open to the concept initially, the graft and fraud uncovered leaves me with no confidence any longer that the machines in an election booth w

I posted a question yesterday about what was wrong with a simple program. No-one seemed to know so here's my attempt at writing that simple program. Feel free to tear my ideas to pieces. Hint: I am not a programmer.

MAIN:
print("Please enter your Voter ID")
scan, store as voterID
if (voterID == any value in array of legal voters)
then run the vote program
else {
print("Error")
go back to main }

VOTE:
print("Enter your choice of candidate")
scan, store as candidate
if (candidate == A) {
then record vote for candidate A
remove voterID from array of legal voters
exit }

There is a very simple, comparatively low-tech fix for broken elections that involve paper ballots.

As we do in Humboldt County, CA, run all ballots through an off-the-shelf scanner and run an independent count with independent, open source software. Ballot Browser (open source, Python, GPL from me) is available for tweaking and the basics are explained in April's Python Magazine. Or, it's really not that difficult to write your own bubble-reading software.

Ok, being serious here. I'm an eng for a software development company. Security is a very aspect of our software; we store patient records for DoD hospitals.

I'm honestly scratching my head here, completely confused as to how anyone...anyone...could take a concept as overwhelmingly farking simple as COUNTING and screw it up. Seriously. I'm pretty sure I could have a reliable, bug-free (oh yes, I made that claim), fully auditable system created in a few days. I really, really don't understand why the hel

Well a sufficiently high level of incompetence is indistinguishable from malice.So maybe the people responsible should be punished as if they did it on purpose.

Because we're not actually talking about "just counting". We're talking about something far more important - voting.

The USA keeps making disparaging remarks about non democratic countries, spends hundreds of billions of dollars and thousands of lives to establish democracies/"regime change", but can't even count votes properly back home. Come on, we

Some people's vote is double counted. For others, only 0.2 extra votes were added. (0.6 original vote and another 0.6 double counted vote). Looks like they followed the constitution a little too strictly and counted *some* people as only 3/5 people.

When you make the Choice to make something closed, especially something this important, you really should be taking on the responsibility for any errors, bugs, security flaws or back-doors that end up in the software.

If you're willing to take the responsibility, than any error should be considered criminal--as in jail time for the CEO and others who made the (now obviously wrong) decision to keep the information private.

If you don't want the responsibiliy, that's totally understandable--just open the software for peer review by anyone.

I'm getting kind of tired of CEOs and politicians with no competency doing jobs they obviously don't understand, taking authority and reward without responsibility. I realize they are hard jobs, but doesn't that make it even more important to hire someone intellictually and morally competent instead of some college drinking bud from the good ole' boy network?

As part of the agreement for purchasing the voting machines, add a clause that subtracts $1.00 for each vote miscalculated.This should make the voting machine creators be much more careful about the software they supply.

You mean, something that would be caught even by the most simplistic testing procedure ? Or, failing that, by the "certification experts" that were supposed to test the machine before validating its use for elections ?

It's probably more like they aren't rolling back some transaction on a network error or something. Network timeouts, etc, are probably doubling up the votes from that machine. It's probably an unusual error so it doesn't get caught in testing. Like busy networks on election night? It's not that hard to imagine.

It's called paper based voting.There are plenty of good paper based systems around.

They scale. The more voters you have, the more volunteers and observers you should be able to get.

The counting of each ballot can be observed by party representatives and independent 3rd party observers/monitors. In my country, the counter holds up each ballot paper to show it to "everyone". It'll take a fair number of magicians to cheat in this and they would have to work a lot harder to cheat without getting caught.